π GRLF Token Security Investigation Report
πͺ Token: GRLF (Green Leaf Innovations, Inc.)
π
Date: 2025-12-02
π 1. Executive Summary
πͺ 2. Token Information
Property | Value |
π·οΈ Mint Address | A7hGiMN1VKZyARprFYSRdsc2pWsnNtbfuUewUPdpXyxw |
π§ Token Program | Token-2022 (TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb) |
π° Supply | 1,000,000,000 GRLF |
π’ Decimals | 9 |
π Mint Authority | β DISABLED |
π§ Freeze Authority | β DISABLED |
π Creation Date | 2025-12-01 19:58:21 UTC |
π 3. Presale Summary
Metric | Value |
π’ Total Transactions | 77 |
π₯ Unique Buyers | 66 |
π Avg Purchases/Wallet | 1.17 |
πͺ Total Tokens Sold | 199,997,351 GRLF |
π° Total SOL Raised | 23.9422 SOL |
π― Avg Tokens/Purchase | 2,631,544.09 GRLF |
π΅ Avg SOL/Purchase | 0.3109 SOL |
π₯ 4. All Buyers (66 Unique Wallets)
# | Wallet | Purchases | First Purchase | Last Purchase |
1 | FvujTNs3FXrRCyqXvhdDrABsSDkcVMwhopeSEhFQSkk5 | 3 | 2025-12-01T19:58:37 | 2025-12-01T19:59:16 |
2 | E7aDGLWhH8GF7TzsvqSW95EWVGdGstK9eZ5wNmfX4wf3 | 3 | 2025-12-01T19:55:17 | 2025-12-01T19:56:24 |
3 | Ef5qRXUJ7ecMbri3LMeDk8VKp38BdHJvZSehHF8Z63V | 3 | 2025-12-01T19:47:23 | 2025-12-01T19:49:29 |
4 | FUBAqaEUAEm1tsHiryKPoqF7oG3xVjXdtLvZbJ2NPwHu | 2 | 2025-12-01T19:57:18 | 2025-12-01T20:02:07 |
5 | 9Z6cjK2HYVL5t6Bpae93MNztrWF5b39Xp5Nr771VxVrS | 2 | 2025-12-01T19:59:59 | 2025-12-01T20:00:32 |
6 | GhiNGszR4yDsQubBemEGpRMeYNyD3Nsem4jcZ3sFUbe7 | 2 | 2025-12-01T19:53:37 | 2025-12-01T19:58:06 |
7 | 5zAbGCwTKKCYx9dn6xnPauvQ2kNmaWCSktV9EyRE8aBF | 2 | 2025-12-01T19:50:18 | 2025-12-01T19:56:13 |
8 | GCqvoAMMUB2iR4zHx1xRXX9z4JdwX6fdnWMxt6vGHZhb | 2 | 2025-12-01T19:49:45 | 2025-12-01T19:55:27 |
9 | AU6M9erVpay5AvgHnNtR6rU6j2oavT3z4r1bkbWL2WvK | 1 | 2025-12-01T20:01:51 | 2025-12-01T20:01:51 |
10 | EewxNMUpLpApsbMPGsSTHy1cGRij8TPUdj9eNTjg2653 | 1 | 2025-12-01T20:00:53 | 2025-12-01T20:00:53 |
11 | BUWA8D7y9chffhZxVZioTTYPefrBGFaXPitpLdLatufx | 1 | 2025-12-01T20:00:32 | 2025-12-01T20:00:32 |
12 | 6KspQqDjZxmkXiN2gaPZY3VtT7Ak1AkZHgZXisrAqzLT | 1 | 2025-12-01T20:00:19 | 2025-12-01T20:00:19 |
13 | G8cX9RM5tj5d7Ff1Wf33m9QXogiT2HKBybeSTzMdBBWS | 1 | 2025-12-01T20:00:14 | 2025-12-01T20:00:14 |
14 | J5D9wa8Vw7UdK7c6bEfiGdoRQFC2eLfoqZg93hbP4eFQ | 1 | 2025-12-01T20:00:11 | 2025-12-01T20:00:11 |
15 | 4yt9Ny7CqWUBqM7VvZ4Cycbp9UwxiYHepjNEECCsqv5D | 1 | 2025-12-01T20:00:04 | 2025-12-01T20:00:04 |
16 | AduHMSqWZTecPs54KX1oeZZeComqrw7cNgSQ6c86Jj6m | 1 | 2025-12-01T20:00:00 | 2025-12-01T20:00:00 |
17 | HVeR53DNAz3AiCLfYH3UUXe2iXmenXpsaQuQgiWVYDTZ | 1 | 2025-12-01T19:59:59 | 2025-12-01T19:59:59 |
18 | 5eUmU5FYBgYnAvcdZVtS9osgrcHLXHqtZgCiEyPj7RvW | 1 | 2025-12-01T19:59:34 | 2025-12-01T19:59:34 |
19 | 4aQDjD6mhdZ6JJYWLt66XTrgXZkYwF5fD3MvADUzNavA | 1 | 2025-12-01T19:59:33 | 2025-12-01T19:59:33 |
20 | 47SGttxn5q2kB31YuPpEaG9W8bztuptMGoHknvxVcTWS | 1 | 2025-12-01T19:59:01 | 2025-12-01T19:59:01 |
21 | DTnXLdQfaExCGfjNkedFUHAuupFqiGkZKsA7D9SGF25p | 1 | 2025-12-01T19:59:01 | 2025-12-01T19:59:01 |
22 | HTrfCJNkJsbVB4DYB3foJ2Z9JXAkT4QBhY1FVrFXGj8u | 1 | 2025-12-01T19:59:00 | 2025-12-01T19:59:00 |
23 | AVnnkrbmhtaDqpyGwtaVREYLvk6eTQnYGpqhtLLFE5wF | 1 | 2025-12-01T19:58:46 | 2025-12-01T19:58:46 |
24 | 8v4925DageRwjYvzHQaNT1jpmJMjFrVZpdrmnXyv2Ryu | 1 | 2025-12-01T19:58:43 | 2025-12-01T19:58:43 |
25 | 12nnQHmrMF8N5cwRj4SP5oQqbHwkQucZwJvajA69fGB6 | 1 | 2025-12-01T19:58:38 | 2025-12-01T19:58:38 |
26 | CFoX6bSg6uBAvzmKGUT84CekUoBmx7BWVyjv9FWFsfmk | 1 | 2025-12-01T19:58:36 | 2025-12-01T19:58:36 |
27 | 3s2w5xfRuZ5mAAndvEAzNH1QU7Xb7VUxG7MWntzJX3YQ | 1 | 2025-12-01T19:58:35 | 2025-12-01T19:58:35 |
28 | 7g55zNYKyhKdCVEXCGMz6LP5jiwKoysLckkV9C3YBhmv | 1 | 2025-12-01T19:58:27 | 2025-12-01T19:58:27 |
29 | Eh2SdrCX9wzNyL943pRWPkLcqjvwVnbCYdT1sDYffM6E | 1 | 2025-12-01T19:58:26 | 2025-12-01T19:58:26 |
30 | 73hwJPRM1YfAPc6ZcrBpjPCiUsWPkmzkZQSXCcW1rPev | 1 | 2025-12-01T19:58:21 | 2025-12-01T19:58:21 |
31 | 4guhUKepWQynMb9MpQLwytov3C5JHWymhXohETqiucqc | 1 | 2025-12-01T19:58:03 | 2025-12-01T19:58:03 |
32 | HV57tBHVamStLHbquJPNxqvsuhfywRumCSjmMdtCADpY | 1 | 2025-12-01T19:57:57 | 2025-12-01T19:57:57 |
33 | 6K1WEwBN3KyxvmLtj6h4aWm7o6CnyJthbTUZYzSUWxuN | 1 | 2025-12-01T19:57:57 | 2025-12-01T19:57:57 |
34 | 5Vzv5kQyQ8EdL956PygvDpJAMHifGF5ZWRvYJYwAaEzG | 1 | 2025-12-01T19:57:47 | 2025-12-01T19:57:47 |
35 | H7gbNsiSxThPfpLDKSEtLBockXY14b3FdSYngpsEwRXi | 1 | 2025-12-01T19:57:40 | 2025-12-01T19:57:40 |
36 | FHn8oPMK8fTAaCY2HjrexmHcAq5Vivso1mgi2PraSkZx | 1 | 2025-12-01T19:57:35 | 2025-12-01T19:57:35 |
37 | 6EHNUYD9QpU9g5CHAEN655RfmYvnWASAVeqnG1n6aCLp | 1 | 2025-12-01T19:57:25 | 2025-12-01T19:57:25 |
38 | 3DYAxppq5zomRuAuvtJUicJ3YmVMjTNTqRG9CwkczoTU | 1 | 2025-12-01T19:57:22 | 2025-12-01T19:57:22 |
39 | 6WAZt2Wdja8YXCxFXAcmtfJ6ofwEuHAGdsGs9u2egMmS | 1 | 2025-12-01T19:57:15 | 2025-12-01T19:57:15 |
40 | 6HmfXxEC4E1H6EitVBfz3kMJvUmGP2bJHtVSJ91MVX1 | 1 | 2025-12-01T19:57:07 | 2025-12-01T19:57:07 |
41 | 7KrxyapRBBFj7Z1jYJ8A9CGmJkdvMDU56hK6yLDxrm5g | 1 | 2025-12-01T19:57:01 | 2025-12-01T19:57:01 |
42 | 5ziR1fsFkKyPRXFrMgv2LKEvUeE9pHuBWEHgDeke2T2B | 1 | 2025-12-01T19:56:59 | 2025-12-01T19:56:59 |
43 | EtwkpP36okhuFg3hHLNoaw1BWz2idSitk2VSKD35gTC6 | 1 | 2025-12-01T19:56:57 | 2025-12-01T19:56:57 |
44 | EkWcQdZR338Q8F6KgAFKCbSVMtuKAPNY5nV2E6Ng6zCy | 1 | 2025-12-01T19:56:30 | 2025-12-01T19:56:30 |
45 | 5nwML83F2GyLox4VeAPGbWuygGPenFVCfvkrJE9UrZuD | 1 | 2025-12-01T19:56:12 | 2025-12-01T19:56:12 |
46 | 8LAGxSCAmheGa3WDpzDuYz1EcpXc1JTj3CU5h2s4pvCB | 1 | 2025-12-01T19:56:10 | 2025-12-01T19:56:10 |
47 | 75pG2Nc6nkfBUdTEVTEVmKqzzsQJvDvHWhqKuGNR21Ut | 1 | 2025-12-01T19:56:09 | 2025-12-01T19:56:09 |
48 | 3pLW8keUqWAMQ1AwV7NQF2DRbt5Edrv87n66EQ4xTn2N | 1 | 2025-12-01T19:55:49 | 2025-12-01T19:55:49 |
49 | A2qcUE4b39JUw217gUiFp2e7xj4QKhJpkbPhEGnJWg1Y | 1 | 2025-12-01T19:55:48 | 2025-12-01T19:55:48 |
50 | GX3rft3q5NJziwNQgFxNQmuiRTfLEuvnsoEU1vRGJo5P | 1 | 2025-12-01T19:54:58 | 2025-12-01T19:54:58 |
51 | 6fwo9FwHMU9szhauYqJYZQbaL8Bfz2BW23mz47PuWXbD | 1 | 2025-12-01T19:54:51 | 2025-12-01T19:54:51 |
52 | 75kgkVpCGTBhn2PSDbT8gUV2mNvKmtwKRxoVg7akmuSj | 1 | 2025-12-01T19:54:50 | 2025-12-01T19:54:50 |
53 | FEHVR6on2NG7vmVbUDkKGGZbq46eQPmDVvcBpavdCNug | 1 | 2025-12-01T19:54:43 | 2025-12-01T19:54:43 |
54 | Deo9DBZ4CVdF9W6hQU2CDXVAbkg9GyEUhc2hCE8L12hL | 1 | 2025-12-01T19:54:13 | 2025-12-01T19:54:13 |
55 | 5Y96nNVxWimWiVUfUUwE4x8Sr8XxQX6hww7wjnttcoCi | 1 | 2025-12-01T19:53:41 | 2025-12-01T19:53:41 |
56 | 6AY3Uf7DpDVYc4pYp3zvSCbynniHTBefbh8Q4CabCAm3 | 1 | 2025-12-01T19:53:03 | 2025-12-01T19:53:03 |
57 | 3U9RjEWN5uDwXmMNYhh1NwhBNbw3UzhiDfxL1MBbA6Hp | 1 | 2025-12-01T19:52:08 | 2025-12-01T19:52:08 |
58 | CEc92DUrLJmfWwBCmaZrzXRuFNzb2S3iDmx5DKFhGGs9 | 1 | 2025-12-01T19:51:47 | 2025-12-01T19:51:47 |
59 | CHuo16FsYNM75Qz8vYx2gP6qdb8wzNUd7Zn8AmaxZXVS | 1 | 2025-12-01T19:51:41 | 2025-12-01T19:51:41 |
60 | 564j1H3yjqiUGCmzi8LRzb7oxcSfE2xVzgbXmA3g1XdK | 1 | 2025-12-01T19:51:26 | 2025-12-01T19:51:26 |
61 | ChbMRBMZNdm26tv8xUMYUb6orzDLjwTyx1ASGRGtch6U | 1 | 2025-12-01T19:51:13 | 2025-12-01T19:51:13 |
62 | HWH8zSHUR4q9B9chJ9eLaMzSRk4iZkdGJHeTEzuywJSG | 1 | 2025-12-01T19:50:56 | 2025-12-01T19:50:56 |
63 | HYDK4V1snoJDeV9GQshF5tz6BHHM9Linb21ZMxiGS7hA | 1 | 2025-12-01T19:50:35 | 2025-12-01T19:50:35 |
64 | DskP7pnLMGF1usBcDaipouL6s9Gd3QhCXo9BTFPGwLDw | 1 | 2025-12-01T19:49:59 | 2025-12-01T19:49:59 |
65 | FqrpVRn3bsu56xG4xRpVySt37CHzRC1mNipL1LbTEeho | 1 | 2025-12-01T19:49:47 | 2025-12-01T19:49:47 |
66 | 9DKS6dAR9VbQV5YmrfMCXqxb8aS7iSnWopJevA1EvXhU | 1 | 2025-12-01T12:48:27 | 2025-12-01T12:48:27 |
π 5. Distribution Analysis
π Repeat Buyers (Multiple Purchases)
Wallet | # Purchases | Pattern |
FvujTNs3FXrRCyqXvhdDrABsSDkcVMwhopeSEhFQSkk5 | 3 | π Multiple attempts |
E7aDGLWhH8GF7TzsvqSW95EWVGdGstK9eZ5wNmfX4wf3 | 3 | π Multiple attempts |
Ef5qRXUJ7ecMbri3LMeDk8VKp38BdHJvZSehHF8Z63V | 3 | π Multiple attempts |
FUBAqaEUAEm1tsHiryKPoqF7oG3xVjXdtLvZbJ2NPwHu | 2 | π Double purchase |
9Z6cjK2HYVL5t6Bpae93MNztrWF5b39Xp5Nr771VxVrS | 2 | π Double purchase |
GhiNGszR4yDsQubBemEGpRMeYNyD3Nsem4jcZ3sFUbe7 | 2 | π Double purchase |
5zAbGCwTKKCYx9dn6xnPauvQ2kNmaWCSktV9EyRE8aBF | 2 | π Double purchase |
GCqvoAMMUB2iR4zHx1xRXX9z4JdwX6fdnWMxt6vGHZhb | 2 | π Double purchase |
π Single Purchase Buyers: 58 wallets (87.9%)
π Multi-Purchase Buyers: 8 wallets (12.1%)Β
π¨ 6. Unauthorized LP Details
Property | Value |
π Pool Address | 6rs17VLSirCbuVxszvwiw6XRpvXWWP9qGYsBWE1EgPKM |
π DEX | Raydium CPMM |
π Creation Date | 2025-12-01 20:52:38 UTC (~54 min after mint) |
π§ Current Liquidity | ~$0.65 USD (practically drained) |
π΅ Current Price | $0.0002344 |
π 24h Change | -93.69% |
π₯ 7. Accounts Involved in the Incident
π¨ Mint Creator
Field | Value |
π Address | 73hwJPRM1YfAPc6ZcrBpjPCiUsWPkmzkZQSXCcW1rPev |
π° Balance | 0.0556 SOL |
π Activity | 50+ transactions |
π Note | Listed in buyers-report.md as buyer #30 |
ποΈ LP Creator
Field | Value |
π Address | 5aNoyMh9fvL2bMgHeevzmc9eBDbwGNxpKQartpZrUa3v |
π First TX | 2025-12-02 13:23:28 UTC |
π€ Suspicious Account (Trader/BOT)
Field | Value |
π Address | hswtMtZrQz1E42pVULzz5GgRHXVd2hdaeSvYSx3BRp1 |
π ATA | 8JSHg3p8cbFHNADr8KRAQPiW9Bi65ohWBuvdpum9j7qP |
πͺ GRLF Balance | 330.34 GRLF |
π Activity | 200+ transactions (VERY ACTIVE β BOT pattern) |
π§ Liquidity Provider
Field | Value |
π Address | GpMZbSM2GgvTKHJirzeGfMFoaZ8UR2X7F4v8vHTvxFbL |
π Pool Balance | 101,010 GRLF |
β±οΈ 8. Chain of Events
# | Timestamp | Event |
1οΈβ£ | 2025-12-01 19:58:21 | π¨ Token GRLF created by 73hwJPRM1Y... |
2οΈβ£ | 2025-12-01 19:58:21+ | π€ Initial token distribution β Multiple wallets receive ~4M GRLF each (automated distribution pattern). See buyers-report-detailed.md for full list |
3οΈβ£ | 2025-12-01 20:52:38 | ποΈ LP created by 5aNoyMh9fvL2bM... on Raydium CPMM |
4οΈβ£ | 2025-12-01 20:52:38 | π€ hswtMtZr... executes SWAP using program vs1ongEMwP15z6RKykbUbWwAf8WXFKNTLkfEr5JN6K7 (arbitrage/swap bot detected) |
5οΈβ£ | 2025-12-01 20:52:38+ | πΈ Multiple swaps drain liquidity β 34 bot transactions on pool, drained to ~$0.65 |
π 9. Current Token Distribution
# | Balance (GRLF) | Holder |
1οΈβ£ | 800,000,000 | 5TCpdERDzsjVm1o4P93Bu1v4aEsYug6dP54tKnbDDgub |
2οΈβ£ | 4,000,000 | DskP7pnLMGF1usBcDaipouL6s9Gd3QhCXo9BTFPGwLDw |
3οΈβ£ | 4,000,000 | 8LAGxSCAmheGa3WDpzDuYz1EcpXc1JTj3CU5h2s4pvCB |
4οΈβ£ | 4,000,000 | 4aQDjD6mhdZ6JJYWLt66XTrgXZkYwF5fD3MvADUzNavA |
... | (19 more accounts with 4M each) |
π Top 20 Total: 876,000,000 GRLF (87.6%
β‘ 10. Conclusions
Status | Finding |
β οΈ | The LP was created by a THIRD PARTY, not by the token creator |
β οΈ | The account hswtMtZr... is an ARBITRAGE/SNIPING BOT that: |
β’ Automatically detected the pool creation | |
β’ Executed multiple swaps using a specialized program | |
β’ Has 200+ transactions (automated bot pattern) | |
β οΈ | The pool has almost zero liquidity ($0.65) β it was DRAINED |
β οΈ | NO Freeze Authority enabled β accounts cannot be frozen |
βΉοΈ | The mint creator is NOT the same as the LP creator |
π‘ 11. Recommendations
# | Recommendation |
1οΈβ£ | Create your own OFFICIAL LP with significant liquidity to establish the correct price |
2οΈβ£ | Communicate to your community which LP is official vs unauthorized |
3οΈβ£ | For future tokens, enable Freeze Authority to freeze suspicious accounts |
4οΈβ£ | Consider using guardian/watcher to detect suspicious activity |
5οΈβ£ | Create the LP immediately after minting to prevent others from creating it first |
ποΈ 12. Why OTCM Protocol Requires Its Own Layer 2 Infrastructure
π« The Core Problem: Existing DEXs Strip Token-2022 Protections
This GRLF incident demonstrates a critical vulnerability in the current DeFi ecosystem. While GRLF was minted using the SPL Token-2022 program with advanced security extensions, these protections became meaningless the moment an unauthorized party created a liquidity pool on Raydium.
Here's why:
DEX | Token Standard | Transfer Hook Support | Security Extensions |
π΄ Raydium | Legacy SPL | β Not Supported | β Stripped |
π΄ Orca | Legacy SPL | β Not Supported | β Stripped |
π΄ Jupiter | Aggregator | β Not Supported | β Stripped |
π’ OTCM Layer 2 | Token-2022 Native | β Full Support | β Enforced |
Raydium, Orca, and other major Solana DEXs were built on legacy SPL token codebases that predate the Token-2022 program. They cannot process Transfer Hook extensionsβthe very mechanism that enforces OTCM's security controls:
- β 4.99% wallet limits β Not enforced on Raydium
- β Circuit breakers β Not triggered on external pools
- β Vesting schedules β Not respected by third-party LPs
- β Anti-whale protections β Completely bypassed
π― What Happened to GRLF
- β Token minted correctly with Token-2022
- β Presale distributed via smart contract (protected phase)
- β Third party creates Raydium pool β OTCM has no control
- β Bots detect pool creation instantly
- β 34 bot transactions drain liquidity in seconds
- β -93.69% price crash β Community left holding worthless tokens
The Token-2022 Transfer Hooks were never invoked because Raydium's AMM doesn't call them.
π‘οΈ OTCM Layer 2: The Solution
OTCM Protocol must build its own Layer 2 infrastructure with native Token-2022 support to ensure security protections remain active throughout the entire token lifecycle:
Feature | OTCM Layer 2 Capability |
π Native Token-2022 AMM | Every swap triggers Transfer Hook validation |
π‘οΈ Wallet Limits Enforced | 4.99% maximum holdings maintained on-chain |
β‘ Circuit Breakers Active | 30% sell threshold triggers automatic halt |
π Permanent Liquidity Lock | LP tokens burnedβrugpulls mathematically impossible |
π€ Anti-Bot Mechanisms | Transaction ordering protection, commit-reveal schemes |
π Compliance Integration | Real-time KYC/AML, regulatory reporting |
ποΈ The Regulatory Imperative
This incident underscores why regulation matters in the meme token ecosystem:
Without OTCM Protocol's Framework:
- π΄ 99% of meme tokens are scams (industry data)
- π΄ No issuer accountability or transparency
- π΄ Bots and insiders extract value from retail
- π΄ Zero investor protection
- π΄ Regulatory exposure for all participants
With OTCM Protocol's Howey Shield:
- π’ Full issuer KYC/AML verification
- π’ SEC-registered custody (Empire Stock Transfer)
- π’ 1:1 equity backing via Series M preferred shares
- π’ 42 built-in security controls
- π’ Commodity classification (not securities)
- π’ Complete on-chain transparency + traditional recordkeeping
π― Key Takeaway
OTCM cannot rely on external DEX infrastructure. The moment tokens leave the OTCM ecosystem and enter Raydium/Orca pools, all security protections evaporate.
Building a custom Layer 2 with native Token-2022 support isn't optionalβit's essential to fulfill OTCM's core promise:
"Making rugpulls mathematically impossible."
This can only be achieved when every transaction, on every pool, through every swap passes through OTCM's Transfer Hook enforcement layer.
Β